View Full Version : floating point and si

November 6th, 2000, 18:45
I have the following line in a VB crackme:

cmp dword ptr[ebp-28], 41047ae1

where [ebp-28] is shown in register st0. How can I make the value "41047ae1" visible? It's a packed floating point const and "? 4104..." doesn't work.

any ideas?


November 6th, 2000, 18:56
It's kinda hard to make out what you are asking here, but what is a "packed floating point const"? And what's an st0 register?

First of all, if you do ? 41047ae1 there is no reason for it to fail, since all it does is convert that hex value to a decimal and ASCII value. Second, to see what's in [ebp-28] you do: ? *(ebp-28)
or just do e (ebp-28), and that will put you in the data window right where the bytes are, so you can read them and write them down and use a calculator to convert them to whatever you want.


November 7th, 2000, 13:29
Presuming this to be a single real (32 bits), it has an exponent of 8 bits and a 24-bit precision.

The representation you have is 41047ae1.
Now the first bit is the sign, in this case 1=positive.
Then the next 8 bits are the exponent, plus a biasing constant. In this case (41)*2+0 - 7f = 3, indicating that the number is -x * 2^(3), where x is given by the bits of 047ae1 converted into decimal, but there is an implied 1 at the front. So in other words, in binary the number is 1.000 0100 0111 1010 1110 0001,
so it is 847ae1 divided by 2^23.
Hence our number is 8682209 * 2^-20, or 8.28.

This presumes the standard IEEE FP format, of course.

November 7th, 2000, 13:30
1=positive... whoops. Should be 0 = positive.
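A worked decode of the pattern discussed in the two posts above, as an added example that is not part of the original thread. It splits a 32-bit IEEE 754 single into sign, biased exponent and fraction, applies the implied leading 1 and the exponent bias of 127 exactly as the post walks through it, also handles the cases the post skips (zero, subnormal, infinity, NaN), cross-checks the hand decode against struct, and rebuilds the pattern from the four bytes in the little-endian order a data window dump of [ebp-28] would show them. Function names and the sample byte string are my own.

```python
"""Decode an IEEE 754 single-precision bit pattern by hand.

Added example for the thread above; not from the original posts.
Layout, MSB first: 1 sign bit | 8 exponent bits (bias 127) | 23 fraction bits.
Normal numbers carry an implied leading 1 in front of the fraction.
"""
import math
import struct
from typing import Tuple

BIAS = 127
FRACTION_BITS = 23
IMPLIED_ONE = 1 << FRACTION_BITS  # 0x800000


def fields(bits: int) -> Tuple[int, int, int]:
    """Split a 32-bit pattern into (sign bit, biased exponent, fraction)."""
    if not 0 <= bits <= 0xFFFFFFFF:
        raise ValueError("expected a 32-bit pattern")
    return bits >> 31, (bits >> FRACTION_BITS) & 0xFF, bits & (IMPLIED_ONE - 1)


def decode_single(bits: int) -> float:
    """Decode by hand, following the post's arithmetic, plus the special cases."""
    sign_bit, exponent, fraction = fields(bits)
    sign = -1.0 if sign_bit else 1.0
    if exponent == 0xFF:
        # All exponent bits set: infinity when the fraction is 0, otherwise NaN.
        return sign * math.inf if fraction == 0 else math.nan
    if exponent == 0:
        # Zero or subnormal: no implied 1, effective exponent is 1 - 127 = -126.
        return sign * fraction * 2.0 ** (1 - BIAS - FRACTION_BITS)
    # Normal number: (1.fraction) * 2^(exponent - 127)
    #              = (0x800000 | fraction) * 2^(exponent - 127 - 23)
    # For 41047ae1 this is 0x847ae1 * 2^-20, i.e. the post's 8682209 * 2^-20.
    return sign * (IMPLIED_ONE | fraction) * 2.0 ** (exponent - BIAS - FRACTION_BITS)


def decode_single_reference(bits: int) -> float:
    """The same reinterpretation via struct, used to cross-check the manual decode."""
    return struct.unpack("<f", struct.pack("<I", bits))[0]


def pattern_from_stack_bytes(raw: bytes) -> int:
    """Rebuild the 32-bit pattern from four bytes in the order a little-endian
    memory dump shows them: [ebp-28] holds e1 7a 04 41 for the constant 41047ae1."""
    if len(raw) != 4:
        raise ValueError("need exactly four bytes")
    return int.from_bytes(raw, "little")


def describe(bits: int) -> str:
    """One-line breakdown, the kind of note you would jot down next to the cmp."""
    sign_bit, exponent, fraction = fields(bits)
    return (f"{bits:08x}: sign={sign_bit} exponent={exponent:#04x} ({exponent - BIAS:+d}) "
            f"fraction={fraction:#08x} value={decode_single(bits)!r}")


if __name__ == "__main__":
    # Constructed samples: the immediate from the crackme's cmp, its negation,
    # the smallest subnormal, +infinity and a quiet NaN.
    for pattern in (0x41047AE1, 0xC1047AE1, 0x00000001, 0x7F800000, 0x7FC00000):
        manual, reference = decode_single(pattern), decode_single_reference(pattern)
        assert manual == reference or (math.isnan(manual) and math.isnan(reference))
        print(describe(pattern))
    # Constructed: the four bytes as read out of the data window at [ebp-28].
    print(describe(pattern_from_stack_bytes(b"\xe1\x7a\x04\x41")))
```

Running it prints the breakdown for each pattern; for 41047ae1 the fields are sign 0, exponent 0x82 (+3 after the bias) and fraction 0x047ae1, which decodes to 8.2799997..., the nearest single to 8.28. Note that the value only matches what the crackme compares if the four bytes are read in memory order and assembled little-endian, which is why the dump shows e1 7a 04 41 rather than 41 04 7a e1.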

November 8th, 2000, 12:01
Floating point registers are not strictly speaking registers (although they can be considered as such). The floating point unit has an internal stack consisting of a number of 80-bit "data registers". These can obviously be manipulated by floating point instructions, and you have to specify which register(s) your instructions will access. The registers are identified as follows: st(0) is the register on top of the stack, st(1) is the next one, st(2) the next... and so on.

November 8th, 2000, 16:13
> Floating point registers are not strictly
> speaking registers (although they can be
> considered as such).

Strictly speaking, they are exactly registers,
i.e. visible D flip-flops.


November 8th, 2000, 18:03
What I meant was that normally a register is static, i.e. eax is always eax, but st(0), although it is described as a register, is in fact a pointer to a register (well, a value on a stack).

November 9th, 2000, 12:20
wf toggles the floating point register display...

wf b|w|d|f|p|* are your different options.

dl <address>
ds <address>
dt <address>

to display different floats in your data window.

November 10th, 2000, 14:46
Thanks for your help.